#	$NetBSD: algorithms.sh,v 1.7 2021/12/05 02:49:21 msaitoh Exp $
#
# Copyright (c) 2017 Internet Initiative Japan Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# ESP encryption algorithms covered by the IPsec tests.  This is a coverage
# list, not a recommended-cipher list: it includes single DES and "null"
# (no encryption).
ESP_ENCRYPTION_ALGORITHMS="des-cbc 3des-cbc null blowfish-cbc cast128-cbc \
    des-deriv rijndael-cbc aes-ctr camellia-cbc aes-gcm-16 aes-gmac"
# Reduced list.  NOTE(review): presumably for runs that only need minimal
# coverage -- confirm against the callers.
ESP_ENCRYPTION_ALGORITHMS_MINIMUM="null rijndael-cbc"

# Key lengths (in bits) of the ESP encryption algorithms.
#
# The variable suffix is the algorithm name with every "-" removed; the
# lookup helpers in this file strip hyphens before building the variable name.
#   valid_keys_<algo>    valid lengths; for a range only its two end points
#   invalid_keys_<algo>  lengths 8 bits outside a valid boundary
# Algorithms marked XXX have their assignments commented out.

# des-cbc: 64
valid_keys_descbc="64"
invalid_keys_descbc="56 72"
# 3des-cbc: 192
valid_keys_3descbc="192"
invalid_keys_3descbc="184 200"
# null: 0 to 2048      XXX only accept 0 length
#valid_keys_null="0 2048"
valid_keys_null="0"
invalid_keys_null="8"
# blowfish-cbc: 40 to 448
valid_keys_blowfishcbc="40 448"
invalid_keys_blowfishcbc="32 456"
# cast128-cbc: 40 to 128
valid_keys_cast128cbc="40 128"
invalid_keys_cast128cbc="32 136"
# des-deriv: 64
valid_keys_desderiv="64"
invalid_keys_desderiv="56 72"
# 3des-deriv: 192      XXX not implemented
#valid_keys_3desderiv="192"
#invalid_keys_3desderiv="184 200"
# rijndael-cbc: 128/192/256
valid_keys_rijndaelcbc="128 192 256"
invalid_keys_rijndaelcbc="120 136 184 200 248 264"
# twofish-cbc: 0 to 256      XXX not supported
#valid_keys_twofishcbc="0 256"
#invalid_keys_twofishcbc="264"
# aes-ctr: 160/224/288
# NOTE(review): aes-ctr, aes-gcm-16 and aes-gmac use 128/192/256 + 32 bits;
# presumably the extra 32 bits are the nonce/salt carried in the keying
# material (cf. RFC 3686, RFC 4106, RFC 4543) -- confirm.
valid_keys_aesctr="160 224 288"
invalid_keys_aesctr="152 168 216 232 280 296"
# camellia-cbc: 128/192/256
valid_keys_camelliacbc="128 192 256"
invalid_keys_camelliacbc="120 136 184 200 248 264"
# aes-gcm-16: 160/224/288
valid_keys_aesgcm16="160 224 288"
invalid_keys_aesgcm16="152 168 216 232 280 296"
# aes-gmac: 160/224/288
valid_keys_aesgmac="160 224 288"
invalid_keys_aesgmac="152 168 216 232 280 296"
# AH authentication algorithms covered by the IPsec tests.  As a coverage
# list it includes "null" (no authentication) and the MD5/SHA-1 based
# algorithms alongside the SHA-2 ones.
AH_AUTHENTICATION_ALGORITHMS="hmac-md5 hmac-sha1 keyed-md5 keyed-sha1 null \
    hmac-sha256 hmac-sha384 hmac-sha512 hmac-ripemd160 aes-xcbc-mac"
# Reduced list.  NOTE(review): presumably for runs that only need minimal
# coverage -- confirm against the callers.
AH_AUTHENTICATION_ALGORITHMS_MINIMUM="null hmac-sha512"

# Key lengths (in bits) of the AH authentication algorithms.
#
# The variable suffix is the algorithm name with every "-" removed.
#   valid_keys_<algo>    valid lengths; for a range only its two end points
#   invalid_keys_<algo>  lengths 8 bits outside a valid boundary

# hmac-md5: 128
valid_keys_hmacmd5="128"
invalid_keys_hmacmd5="120 136"
# hmac-sha1: 160
valid_keys_hmacsha1="160"
invalid_keys_hmacsha1="152 168"
# keyed-md5: 128
valid_keys_keyedmd5="128"
invalid_keys_keyedmd5="120 136"
# keyed-sha1: 160
valid_keys_keyedsha1="160"
invalid_keys_keyedsha1="152 168"
# null: 0 to 2048
# "null" is both an ESP and an AH algorithm name, and both map to the same
# valid_keys_null/invalid_keys_null variables, so these lines re-assign the
# values already set in the ESP section (same values).
#valid_keys_null="0 2048"
valid_keys_null="0"
invalid_keys_null="8"
# hmac-sha256: 256
valid_keys_hmacsha256="256"
invalid_keys_hmacsha256="248 264"
# hmac-sha384: 384
valid_keys_hmacsha384="384"
invalid_keys_hmacsha384="376 392"
# hmac-sha512: 512
valid_keys_hmacsha512="512"
invalid_keys_hmacsha512="504 520"
# hmac-ripemd160: 160
valid_keys_hmacripemd160="160"
invalid_keys_hmacripemd160="152 168"
# aes-xcbc-mac: 128
valid_keys_aesxcbcmac="128"
invalid_keys_aesxcbcmac="120 136"
# tcp-md5: 8 to 640      XXX not enabled in rump kernels
#valid_keys_tcpmd5="8 640"
#invalid_keys_tcpmd5="648"
# IPComp compression algorithms covered by the IPsec tests; the full and the
# reduced list both contain only deflate.
IPCOMP_COMPRESSION_ALGORITHMS="deflate"
IPCOMP_COMPRESSION_ALGORITHMS_MINIMUM="deflate"
# deflate is listed with a valid key length of 0 bits, for which
# generate_key in this file produces an empty key; 8 is the invalid length.
valid_keys_deflate="0"
invalid_keys_deflate="8"
# Read back through get_minlen.  NOTE(review): presumably the packet size
# (bytes) below which deflate is not applied -- confirm.
minlen_deflate="90"
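# Print the first valid key length (in bits) listed for an algorithm.
#
# Arguments: $1 - algorithm name, e.g. "rijndael-cbc"
# Globals:   valid_keys_<name> (read), <name> being $1 without hyphens
# Outputs:   the first word of the list on stdout; an empty line when the
#            list is unset or empty
# Returns:   0 normally; 1 when the name cannot form a variable name
get_one_valid_keylen()
{
	local algo="$1"
	local _algo=
	local keylengths=

	# Declaration and assignment are split so that "local" does not mask
	# the status of the pipeline.
	_algo=$(printf '%s\n' "$algo" | sed 's/-//g')

	# The name is spliced into an eval below; anything that is not a plain
	# identifier character would be run as shell code, so refuse it here.
	case $_algo in
	*[!A-Za-z0-9_]*)
		echo "get_one_valid_keylen: invalid algorithm name: $algo" >&2
		return 1
		;;
	esac

	eval "keylengths=\$valid_keys_${_algo}"

	# Word-split the list into the positional parameters; the first word
	# is the answer.
	set -- $keylengths
	echo "${1-}"
}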
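# Print every valid key length (in bits) listed for an algorithm.
#
# Arguments: $1 - algorithm name, e.g. "aes-ctr"
# Globals:   valid_keys_<name> (read), <name> being $1 without hyphens
# Outputs:   the space-separated list on stdout; an empty line when the
#            list is unset or empty
# Returns:   0 normally; 1 when the name cannot form a variable name
get_valid_keylengths()
{
	local algo="$1"
	local _algo=
	# Declared local so the lookup does not overwrite a caller's
	# "keylengths" variable.
	local keylengths=

	_algo=$(printf '%s\n' "$algo" | sed 's/-//g')

	# The name is spliced into an eval below; anything that is not a plain
	# identifier character would be run as shell code, so refuse it here.
	case $_algo in
	*[!A-Za-z0-9_]*)
		echo "get_valid_keylengths: invalid algorithm name: $algo" >&2
		return 1
		;;
	esac

	eval "keylengths=\$valid_keys_${_algo}"
	# Intentionally unquoted: word splitting normalizes the separators.
	echo $keylengths
}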
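# Print every invalid key length (in bits) listed for an algorithm.
#
# Arguments: $1 - algorithm name, e.g. "hmac-sha256"
# Globals:   invalid_keys_<name> (read), <name> being $1 without hyphens
# Outputs:   the space-separated list on stdout; an empty line when the
#            list is unset or empty
# Returns:   0 normally; 1 when the name cannot form a variable name
get_invalid_keylengths()
{
	local algo="$1"
	local _algo=
	# Declared local so the lookup does not overwrite a caller's
	# "keylengths" variable.
	local keylengths=

	_algo=$(printf '%s\n' "$algo" | sed 's/-//g')

	# The name is spliced into an eval below; anything that is not a plain
	# identifier character would be run as shell code, so refuse it here.
	case $_algo in
	*[!A-Za-z0-9_]*)
		echo "get_invalid_keylengths: invalid algorithm name: $algo" >&2
		return 1
		;;
	esac

	eval "keylengths=\$invalid_keys_${_algo}"
	# Intentionally unquoted: word splitting normalizes the separators.
	echo $keylengths
}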
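# Print a key of the requested length, wrapped in double quotes.
#
# The key is the byte "a" repeated ($1 / 8) times: fixed, predictable
# material that only makes sense as test input.
#
# Arguments: $1 - key length in bits; a missing or empty argument counts
#                 as 0, and a length that is not a multiple of 8 is rounded
#                 down to whole bytes
# Outputs:   "aaaa..." including the double quotes on stdout, or an empty
#            line for a zero-length key
# Returns:   0 normally; 1 when $1 is not a non-negative decimal integer
generate_key()
{
	local bits="${1:-0}"
	local nbytes=
	local key=

	# Only digits may reach the arithmetic expansion below.
	case $bits in
	*[!0-9]*)
		echo "generate_key: invalid key length: $bits" >&2
		return 1
		;;
	esac

	nbytes=$((bits / 8))
	while [ "$nbytes" -gt 0 ]; do
		key="${key}a"
		nbytes=$((nbytes - 1))
	done
	# A zero-length key stays an empty string rather than becoming "".
	if [ -n "$key" ]; then
		key="\"$key\""
	fi

	echo "$key"
}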
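# Print the algorithm option, name and key for one protocol/algorithm pair.
#
# Arguments: $1 - protocol: "esp" or "esp-udp" select -E, "ah" selects -A,
#                 anything else (including an empty value) selects -C
#            $2 - algorithm name
# Outputs:   "<option> <algo> <key>" on stdout; the key comes from
#            generate_key for the first valid key length of the algorithm
#            and is empty for a zero-length key, leaving a trailing space.
#            NOTE(review): presumably consumed as setkey(8) arguments --
#            confirm against the callers.
# Returns:   status of the final printf; failures of the two helpers are
#            not propagated, as before
generate_algo_args()
{
	local proto="$1"
	local algo="$2"
	local keylen=
	local key=

	keylen=$(get_one_valid_keylen "$algo")
	# Left unquoted so that an empty key length passes no argument at all.
	key=$(generate_key $keylen)

	# A case statement needs no quoting and, unlike "[ ... -o ... ]", does
	# not print test(1) errors when the protocol is empty.
	case $proto in
	esp|esp-udp)
		printf '%s\n' "-E $algo $key"
		;;
	ah)
		printf '%s\n' "-A $algo $key"
		;;
	*)
		printf '%s\n' "-C $algo $key"
		;;
	esac
}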
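# Print the minlen_<name> value recorded for an algorithm.
#
# Arguments: $1 - algorithm name, e.g. "deflate"
# Globals:   minlen_<name> (read), <name> being $1 without hyphens
# Outputs:   the value on stdout; an empty line when none is defined
# Returns:   0 normally; 1 when the name cannot form a variable name
get_minlen()
{
	local algo="$1"
	local _algo=
	local minlen=

	# Strip hyphens like the key-length lookups in this file do; with a
	# hyphen left in, the eval would expand "$minlen_<prefix>" and append
	# the rest of the name as literal text.
	_algo=$(printf '%s\n' "$algo" | sed 's/-//g')

	# The name is spliced into an eval below; anything that is not a plain
	# identifier character would be run as shell code, so refuse it here.
	case $_algo in
	*[!A-Za-z0-9_]*)
		echo "get_minlen: invalid algorithm name: $algo" >&2
		return 1
		;;
	esac

	eval "minlen=\$minlen_${_algo}"
	echo "$minlen"
}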